
 <!DOCTYPE HTML>
<html lang="zh-CN">
<head>
  <meta charset="UTF-8">
  
    <title>理解小程序的安全与管控 | Here. There.</title>
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=3, minimum-scale=1">
    
    <meta name="author" content="被删">
    
    <meta name="description" content="作为一个平台，管控和安全是很有必要性的。虽然说这些是开发自己需要进行防范的，但是平台如果能解决，也算是皆大欢喜了。">
    
    
    
    
    <link rel="alternate" href="/atom.xml" title="Here. There." type="application/atom+xml">
    
    
    <link rel="icon" href="/img/favicon.ico">
    
    
    <link rel="apple-touch-icon" href="/img/pacman.jpg">
    <link rel="apple-touch-icon-precomposed" href="/img/pacman.jpg">
    
    <link rel="stylesheet" href="/css/style.css">
    
<script type="text/javascript">
var _hmt = _hmt || [];
(function() {
  var hm = document.createElement("script");
  hm.src = "//hm.baidu.com/hm.js?3d902de4a19cf2bf179534ffd2dd7b7f";
  var s = document.getElementsByTagName("script")[0]; 
  s.parentNode.insertBefore(hm, s);
})();
</script>

</head>

  <body>
    <header>
      <div>
		
			<div id="imglogo">
				<a href="/"><img src="/img/sun.png" alt="Here. There." title="Here. There."/></a>
			</div>
			
			<div id="textlogo">
				<h1 class="site-name"><a href="/" title="Here. There.">Here. There.</a></h1>
				<h2 class="blog-motto">Love ice cream. Love sunshine. Love life. Love the world. Love myself. Love you.</h2>
			</div>
			<div class="navbar"><a class="navbutton navmobile" href="#" title="菜单">
			</a></div>
			<nav class="animated">
				<ul>
					
						<li><a href="/">首页</a></li>
					
						<li><a href="https://github.com/godbasin/godbasin.github.io">所有文章</a></li>
					
						<li><a href="/archives">归档</a></li>
					
						<li><a href="/categories">分类</a></li>
					
						<li><a href="https://godbasin.github.io/front-end-playground">前端游乐场</a></li>
					
						<li><a href="/about">关于我</a></li>
					
				</ul>
			</nav>			
</div>

    </header>
    <div id="container">
      <div id="main" class="post" itemscope itemprop="blogPost">
	<article itemprop="articleBody"> 
		<header class="article-info clearfix">
  <h1 itemprop="name">
    
      <a href="/2018/11/04/wxapp-manage-and-security/" title="理解小程序的安全与管控" itemprop="url">理解小程序的安全与管控</a>
  </h1>
  <p class="article-author">By
    
      <a href="https://godbasin.github.io" title="被删">被删</a>
    </p>
  <p class="article-time">
    <time datetime="2018-11-04T02:50:22.000Z" itemprop="datePublished">2018-11-04</time>
    更新日期:<time datetime="2018-11-13T14:50:40.017Z" itemprop="dateModified">2018-11-13</time>
    
  </p>
</header>
	<div class="article-content">
		
		
		<div id="toc" class="toc-article">
			<strong class="toc-title">文章目录</strong>
		<ol class="toc"><li class="toc-item toc-level-2"><a class="toc-link" href="#双线程到底解决了什么"><span class="toc-number">1.</span> <span class="toc-text">双线程到底解决了什么</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#H5-的隐患"><span class="toc-number">1.1.</span> <span class="toc-text">H5 的隐患</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#难以实现的管控"><span class="toc-number">1.2.</span> <span class="toc-text">难以实现的管控</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#安全的逻辑层"><span class="toc-number">1.3.</span> <span class="toc-text">安全的逻辑层</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#审核机制的管控"><span class="toc-number">2.</span> <span class="toc-text">审核机制的管控</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#WebView的飞速发展"><span class="toc-number">2.1.</span> <span class="toc-text">WebView的飞速发展</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#难管控的-JSSDK"><span class="toc-number">2.2.</span> <span class="toc-text">难管控的 JSSDK</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#小程序的审核机制"><span class="toc-number">2.3.</span> <span class="toc-text">小程序的审核机制</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#安全的登录机制"><span class="toc-number">3.</span> <span class="toc-text">安全的登录机制</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#危险的-cookie"><span class="toc-number">3.1.</span> <span class="toc-text">危险的 cookie</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#小程序登录"><span class="toc-number">3.2.</span> <span class="toc-text">小程序登录</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#可靠的-code"><span class="toc-number">3.3.</span> <span class="toc-text">可靠的 code</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#需要保护的-AppSecret"><span class="toc-number">3.4.</span> <span class="toc-text">需要保护的 AppSecret</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#参考"><span class="toc-number">3.5.</span> <span class="toc-text">参考</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#结束语"><span class="toc-number">4.</span> <span class="toc-text">结束语</span></a></li></ol>
		</div>
		
		<p>作为一个平台，管控和安全是很有必要性的。虽然说这些是开发自己需要进行防范的，但是平台如果能解决，也算是皆大欢喜了。<br><a id="more"></a></p>
<h2 id="双线程到底解决了什么"><a href="#双线程到底解决了什么" class="headerlink" title="双线程到底解决了什么"></a>双线程到底解决了什么</h2><p>先给小程序团队的双线程设计鼓个掌，关于双线程大家也可以回顾下<a href="https://godbasin.github.io/2018/09/02/wxapp-technology-architecture/">《小程序的底层框架》</a>。</p>
<h3 id="H5-的隐患"><a href="#H5-的隐患" class="headerlink" title="H5 的隐患"></a>H5 的隐患</h3><p>要知道，Web 技术是非常开放灵活的，开发者可以利用 JavaScript 脚本随意地操作 DOM，这是会带来以下的问题：</p>
<p><strong>随意地跳转网页，改变界面上的任意内容</strong><br>开发者可以利用 JavaScript 脚本随意地跳转网页，或是改变界面上的任意内容。当然，恶意攻击者也能利用这种便利。</p>
<p><strong>获取页面数据</strong><br>小程序也提供可一种可以展示敏感数据的组件，<code>&lt;open-data&gt;</code>能展示包括用户昵称、头像、性别、地理位置等信息（无需用户授权）。<br>如果开发者可以操作 DOM，意味着他们可以随意拿到用户的敏感信息。</p>
<p><strong>常见的前端漏洞</strong><br>开发者们普遍重视的安全漏洞，在前端常见的有 XSS 和 CSRF，XSS 是通过注入 JavaScript 脚本的方式来达到特定目的，而 CSRF 则是利用了 cookie。<br>XSS 在双线程的设计中就被过滤了，而 CSRF 会在后面讲到。</p>
<h3 id="难以实现的管控"><a href="#难以实现的管控" class="headerlink" title="难以实现的管控"></a>难以实现的管控</h3><p>为了解决管控与安全问题，小程序需要禁用掉：</p>
<ul>
<li>危险的 HTML 标签或者相关属性，如外跳 url 的 a 标签</li>
<li>危险的 API，如操作界面的 API、动态运行脚本的 API</li>
</ul>
<p>如果要一个一个禁止，JavaScript 的灵活性以及浏览器接口的丰富性，会导致很容易遗漏一些危险的接口。并且浏览器内核在不断更新，或许下一版本会新增一个可能会在这套体系下产生漏洞的接口，无法完全避免。</p>
<h3 id="安全的逻辑层"><a href="#安全的逻辑层" class="headerlink" title="安全的逻辑层"></a>安全的逻辑层</h3><p>要怎么彻底解决这些问题呢？给大家点提示：</p>
<p><img src="https://github-imglib-1255459943.cos.ap-chengdu.myqcloud.com/sandbox.png" alt="image"></p>
<p>没错，就是沙箱环境。通过提供一个纯 JavaScript 的解释执行环境，这个环境没有浏览器相关接口，当然也不用担心操作 DOM、跳转等问题了。在 iOS 下是用内置的 JavaScriptCore 框架，在安卓下是 JsCore 环境（旧版是腾讯 x5 内核提供，新版是 v8 提供）。</p>
<p>一起来回顾下小程序的双线程长什么样子：</p>
<p><img src="https://github-imglib-1255459943.cos.ap-chengdu.myqcloud.com/1537414306%281%29.png" alt="image"></p>
<p>客户端系统有 JavaScript 的解释引擎，则可以创建一个单独的线程去执行 JavaScript，这个环境下只执行有关小程序业务逻辑的代码。界面渲染相关的任务呢，就丢到 webview 线程里面，通过逻辑层代码去控制渲染哪些界面。</p>
<p><strong>把开发者的 JS 逻辑代码放到单独的线程去运行，因为不在 Webview 线程里，所以这个环境没有 Webview 任何接口，自然的开发者就没法直接操作 DOM，也就没法动态去更改界面或者抓取页面数据。</strong></p>
<p>同时小程序不支持动态载入脚本，XSS 漏洞自然也无缝可钻。</p>
<h2 id="审核机制的管控"><a href="#审核机制的管控" class="headerlink" title="审核机制的管控"></a>审核机制的管控</h2><p>审核机制，故事要从公众号讲起了。</p>
<h3 id="WebView的飞速发展"><a href="#WebView的飞速发展" class="headerlink" title="WebView的飞速发展"></a>WebView的飞速发展</h3><p>当年随着公众号的出现和繁荣，WebView 的使用频率也越来越高。不少的企业或是小商家、外包公司开始做 H5 页面，各式各样的 H5 活动页、小商城、小测试、小游戏满天飞。</p>
<p><img src="https://github-imglib-1255459943.cos.ap-chengdu.myqcloud.com/1537444454%281%29.jpg" alt="image"></p>
<p>当微信中的 WebView 逐渐成为移动 Web 的一个重要入口时，微信就有相关的 JS API 了。</p>
<p>2015年初，微信发布了一整套网页开发工具包，开放了拍摄、录音、语音识别、二维码、地图、支付、分享、卡券等几十个API，称之为 JS-SDK。</p>
<p>到这个时候，web开发者可以使用到微信的原生能力，去完成一些之前做不到或者很难做到的事情。</p>
<h3 id="难管控的-JSSDK"><a href="#难管控的-JSSDK" class="headerlink" title="难管控的 JSSDK"></a>难管控的 JSSDK</h3><p>由于使用 WebView 和 JSSDK 的人越来越多，微信上越来越多干坏事的人，有人做假红包，有人诱导分享，有伪造一些官方活动，他们会利用 JSSDK 的分享能力变相的去裂变分享到各个群或者朋友圈。</p>
<p><img src="https://github-imglib-1255459943.cos.ap-chengdu.myqcloud.com/1537444835.jpg" alt="image"></p>
<p>由于 JSSDK 是根据域名来赋予 api 权限的，运营人员封了一个域名后，他们立马用别的域名又继续做坏，注册一个新的域名的成本是很低的。</p>
<h3 id="小程序的审核机制"><a href="#小程序的审核机制" class="headerlink" title="小程序的审核机制"></a>小程序的审核机制</h3><p>为了保证小程序的质量，以及符合相关的规范，小程序的发布是需要经过审核的。经过审核的小程序才能对外发布，同时在出现问题时，小程序会被下架停用。</p>
<p>另外，每个微信小程序需要事先设置一个通讯域名，小程序只可以跟指定的域名与进行网络通信，包括普通 HTTPS 请求、上传文件、下载文件和 WebSocket 通信，参考<a href="https://developers.weixin.qq.com/miniprogram/dev/framework/ability/network.html" target="_blank" rel="external">框架-网络</a>。这些通讯域名，也都必须要求通过备案。</p>
<p>同时，小程序必须使用 HTTPS 发起网络请求。请求时系统会对服务器域名使用的 HTTPS 证书进行校验，如果校验失败，则请求不能成功发起。</p>
<p>这些种种的限制和管理模式，都进一步保障了用户的数据和隐私安全。</p>
<h2 id="安全的登录机制"><a href="#安全的登录机制" class="headerlink" title="安全的登录机制"></a>安全的登录机制</h2><p>想必在座的各位前端开发者，都清楚 CSRF 安全漏洞。</p>
<h3 id="危险的-cookie"><a href="#危险的-cookie" class="headerlink" title="危险的 cookie"></a>危险的 cookie</h3><p>跨站请求攻击（CSRF），简单地说，是攻击者通过一些技术手段欺骗用户的浏览器去访问一个自己曾经认证过的网站并运行一些操作（如发邮件，发消息，甚至财产操作如转账和购买商品）。由于浏览器曾经认证过，所以被访问的网站会认为是真正的用户操作而去运行。</p>
<p>这利用了 web 中用户身份验证的一个漏洞：简单的身份验证只能保证请求发自某个用户的浏览器，却不能保证请求本身是用户自愿发出的。通常的罪魁祸首则是浏览器的 cookie 登录态。</p>
<p>除了检查 Referer 字段来防范，更有效的一种方式是使用 token。小程序也是这么做的。</p>
<h3 id="小程序登录"><a href="#小程序登录" class="headerlink" title="小程序登录"></a>小程序登录</h3><p>小程序可以通过微信官方提供的登录能力方便地获取微信提供的用户身份标识，快速建立小程序内的用户体系。参考官方时序图：</p>
<p><img src="https://github-imglib-1255459943.cos.ap-chengdu.myqcloud.com/%E6%8E%88%E6%9D%83%E6%97%B6%E5%BA%8F%E5%9B%BE.jpg" alt="image"></p>
<p>在小程序中调用<code>wx.login()</code>，能拿到一个<code>code</code>作为用户登录凭证（有效期五分钟）。在开发者服务器后台，开发者可使用<code>code</code>换取<code>openid</code>和<code>session_key</code>等信息（<code>code</code>只能使用一次）。</p>
<h3 id="可靠的-code"><a href="#可靠的-code" class="headerlink" title="可靠的 code"></a>可靠的 code</h3><p>假设现在有个接口，请求 <a href="https://test.com/getUserInfo?id=1" target="_blank" rel="external">https://test.com/getUserInfo?id=1</a> 拉取到微信用户 id 为 1 在我们业务侧的个人信息，那么黑客就可以通过遍历所有的 id，把整个业务侧的个人信息数据全部拉走，会给业务带来很大的安全风险。</p>
<p>由于<code>code</code> 5 分钟后会过期，如果黑客要冒充一个用户的话，那他就必须在 5 分钟内穷举所有的身份证 id，然后去开发者服务器换取真实的用户身份。而<code>code</code>在成功换取一次信息之后也会立即失效，即便凭证<code>code</code>生成时间还没过期。显然，黑客要付出非常大的成本才能获取到一个用户信息，同时，开发者服务器也可以通过一些技术手段检测到5分钟内频繁从某个 ip 发送过来的登录请求，从而拒绝掉这些请求。</p>
<h3 id="需要保护的-AppSecret"><a href="#需要保护的-AppSecret" class="headerlink" title="需要保护的 AppSecret"></a>需要保护的 AppSecret</h3><p>开发者的后台就拿到了前边<code>wx.login()</code>所生成的微信登录凭证<code>code</code>，此时就可以拿这个<code>code</code>到微信服务器换取微信用户身份。微信服务器为了确保拿<code>code</code>过来换取身份信息的人就是刚刚对应的小程序开发者，到微信服务器的请求要同时带上<code>AppId</code>和<code>AppSecret</code>。</p>
<p><code>AppId</code>和<code>AppSecret</code>是微信鉴别开发者身份的重要信息，<code>AppId</code>是公开信息，泄露AppId不会带来安全风险，但是<code>AppSecret</code>是开发者的隐私数据不应该泄露，开发者需要好好保护。</p>
<h3 id="参考"><a href="#参考" class="headerlink" title="参考"></a>参考</h3><ul>
<li><a href="https://developers.weixin.qq.com/ebook?action=get_post_info&amp;token=935589521&amp;volumn=1&amp;lang=zh_CN&amp;book=miniprogram&amp;docid=000cc48f96c5989b0086ddc7e56c0a" target="_blank" rel="external">《小程序开发指南》</a></li>
</ul>
<h2 id="结束语"><a href="#结束语" class="headerlink" title="结束语"></a>结束语</h2><hr>
<p>作为一个开放的平台，小程序在提供微信加持、体验加持的能力给开发者使用的同时，也替用户和开发者做了很多安全性上的保障。<br>或许有人说，这是牺牲了开发者的开放性换来的，而我认为这样才是个有灵魂的平台。</p>
  
		
		<p style="margin-top:50px;">
			查看Github有更多内容噢：<a href="https://github.com/godbasin">https://github.com/godbasin</a>
			<br>
			更欢迎来<a href="https://godbasin.github.io/front-end-playground">被删的前端游乐场</a>边撸猫边学前端噢
		</p>
	</div>
	<img src="https://github-imglib-1255459943.cos.ap-chengdu.myqcloud.com/2code2.jpg" width="200" height="200" style="display:block;margin: 0 auto;" />
	<p style="text-align: center;margin-top: 10px;margin-bottom: 20px;">码生艰难，写文不易，给我家猪囤点猫粮了喵~</p>
	<div class="author-right">
  		<p>作者：被删</p>
  		<p>出处：<a href="https://godbasin.github.io">https://godbasin.github.io</a></p>
  		<p>本文版权归作者所有，欢迎转载，但未经作者同意必须保留此段声明，且在文章页面明显位置给出原文连接，否则保留追究法律责任的权利。</p>
	</div>
		<footer class="article-footer clearfix">

  <div class="article-tags">
  
  <span></span> <a href="/tags/教程/">教程</a>
  </div>


<div class="article-categories">
  <span></span>
  <a class="article-category-link" href="/categories/小程序双皮奶/">小程序双皮奶</a>
</div>



<div class="article-share" id="share">

  
<!-- JiaThis Button BEGIN -->
<div class="jiathis_style_24x24">
	<a class="jiathis_button_qzone"></a>
	<a class="jiathis_button_tsina"></a>
	<a class="jiathis_button_tqq"></a>
	<a class="jiathis_button_weixin"></a>
	<a class="jiathis_button_renren"></a>
	<a href="http://www.jiathis.com/share?uid=2134021" class="jiathis jiathis_txt jtico jtico_jiathis" target="_blank"></a>
</div>
<script type="text/javascript">
var jiathis_config = {data_track_clickback:'true'};
</script>
<script type="text/javascript" src="http://v3.jiathis.com/code_mini/jia.js?uid=2134021" charset="utf-8"></script>
<!-- JiaThis Button END -->   


</div>
</footer>   	       
	</article>
	
<nav class="article-nav clearfix">
 
 <div class="prev" >
 <a href="/2018/11/17/wxapp-login/" title="小程序的登录与静默续期">
  <strong>PREVIOUS:</strong><br/>
  <span>
  小程序的登录与静默续期</span>
</a>
</div>


<div class="next">
<a href="/2018/10/05/wxapp-set-data/"  title="解剖小程序的 setData">
 <strong>NEXT:</strong><br/> 
 <span>解剖小程序的 setData
</span>
</a>
</div>

</nav>

	<!-- 如果不是首页且没使用 `comments: false` 关闭评论，则尝试加载评论 -->

    <!-- 配置中启用多说时，导入相应代码 -->
    


</div>  
      <div class="openaside"><a class="navbutton" href="#" title="显示侧边栏"></a></div>

  <div id="toc" class="toc-aside">
  <strong class="toc-title">文章目录</strong>
  <ol class="toc"><li class="toc-item toc-level-2"><a class="toc-link" href="#双线程到底解决了什么"><span class="toc-number">1.</span> <span class="toc-text">双线程到底解决了什么</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#H5-的隐患"><span class="toc-number">1.1.</span> <span class="toc-text">H5 的隐患</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#难以实现的管控"><span class="toc-number">1.2.</span> <span class="toc-text">难以实现的管控</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#安全的逻辑层"><span class="toc-number">1.3.</span> <span class="toc-text">安全的逻辑层</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#审核机制的管控"><span class="toc-number">2.</span> <span class="toc-text">审核机制的管控</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#WebView的飞速发展"><span class="toc-number">2.1.</span> <span class="toc-text">WebView的飞速发展</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#难管控的-JSSDK"><span class="toc-number">2.2.</span> <span class="toc-text">难管控的 JSSDK</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#小程序的审核机制"><span class="toc-number">2.3.</span> <span class="toc-text">小程序的审核机制</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#安全的登录机制"><span class="toc-number">3.</span> <span class="toc-text">安全的登录机制</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#危险的-cookie"><span class="toc-number">3.1.</span> <span class="toc-text">危险的 cookie</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#小程序登录"><span class="toc-number">3.2.</span> <span class="toc-text">小程序登录</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#可靠的-code"><span class="toc-number">3.3.</span> <span class="toc-text">可靠的 code</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#需要保护的-AppSecret"><span class="toc-number">3.4.</span> <span class="toc-text">需要保护的 AppSecret</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#参考"><span class="toc-number">3.5.</span> <span class="toc-text">参考</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#结束语"><span class="toc-number">4.</span> <span class="toc-text">结束语</span></a></li></ol>
  </div>

<div id="asidepart">
<div class="closeaside"><a class="closebutton" href="#" title="隐藏侧边栏"></a></div>
<aside class="clearfix">

  	
	<div class="archiveslist">
		<p class="asidetitle">最近文章</p>
			<ul class="archive-list">
			
					
				<li class="archive-list-item">
					<a class="archive-list-link" href="/2019/11/15/wxapp-latest-20191115/" title="小程序开发月刊第11期（20191115）">小程序开发月刊第11期（201911...</a>
				</li>
				
			
					
				<li class="archive-list-item">
					<a class="archive-list-link" href="/2019/11/10/change-log/" title="前端 CHANGELOG 生成指南">前端 CHANGELOG 生成指南...</a>
				</li>
				
			
					
				<li class="archive-list-item">
					<a class="archive-list-link" href="/2019/11/09/wxapp-global-data-behavior/" title="小程序的奇技淫巧 -- globalDataBehavior管理全局状态">小程序的奇技淫巧 -- global...</a>
				</li>
				
			
					
				<li class="archive-list-item">
					<a class="archive-list-link" href="/2019/10/15/wxapp-latest-20191015/" title="小程序开发月刊第十期（20191015）">小程序开发月刊第十期（2019101...</a>
				</li>
				
			
					
				<li class="archive-list-item">
					<a class="archive-list-link" href="/2019/10/13/about-front-end-3-growth/" title="前端这几年--3.关于成长和焦虑">前端这几年--3.关于成长和焦虑...</a>
				</li>
				
			
					
				<li class="archive-list-item">
					<a class="archive-list-link" href="/2019/09/16/wxapp-latest-20190916/" title="小程序开发月刊第九期（20190916）">小程序开发月刊第九期（2019091...</a>
				</li>
				
			
					
				<li class="archive-list-item">
					<a class="archive-list-link" href="/2019/08/15/wxapp-latest-20190815/" title="小程序开发月刊第八期（20190815）">小程序开发月刊第八期（2019081...</a>
				</li>
				
			
					
				<li class="archive-list-item">
					<a class="archive-list-link" href="/2019/07/27/front-end-playground/" title="被删的前端游乐场建成！">被删的前端游乐场建成！</a>
				</li>
				
			
					
				<li class="archive-list-item">
					<a class="archive-list-link" href="/2019/07/21/vue-for-everyone-3/" title="9102全员学Vue--3.把页面拼成个Web应用">9102全员学Vue--3.把页面拼...</a>
				</li>
				
			
					
				<li class="archive-list-item">
					<a class="archive-list-link" href="/2019/07/15/wxapp-latest-20190715/" title="小程序开发月刊第七期（20190715）">小程序开发月刊第七期（2019071...</a>
				</li>
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
				
			
			</ul>
	</div>


  
  <div class="archiveslist">
    <p class="asidetitle"><a href="/archives">归档</a></p>
      <ul class="archive-list"><li class="archive-list-item"><a class="archive-list-link" href="/archives/2019/11/">十一月 2019</a><span class="archive-list-count">3</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2019/10/">十月 2019</a><span class="archive-list-count">2</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2019/09/">九月 2019</a><span class="archive-list-count">1</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2019/08/">八月 2019</a><span class="archive-list-count">1</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2019/07/">七月 2019</a><span class="archive-list-count">4</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2019/06/">六月 2019</a><span class="archive-list-count">4</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2019/05/">五月 2019</a><span class="archive-list-count">1</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2019/04/">四月 2019</a><span class="archive-list-count">2</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2019/03/">三月 2019</a><span class="archive-list-count">2</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2019/02/">二月 2019</a><span class="archive-list-count">2</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2019/01/">一月 2019</a><span class="archive-list-count">3</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2018/12/">十二月 2018</a><span class="archive-list-count">4</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2018/11/">十一月 2018</a><span class="archive-list-count">4</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2018/10/">十月 2018</a><span class="archive-list-count">1</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2018/09/">九月 2018</a><span class="archive-list-count">3</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2018/08/">八月 2018</a><span class="archive-list-count">2</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2018/07/">七月 2018</a><span class="archive-list-count">3</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2018/06/">六月 2018</a><span class="archive-list-count">3</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2018/05/">五月 2018</a><span class="archive-list-count">5</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2018/04/">四月 2018</a><span class="archive-list-count">4</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2018/03/">三月 2018</a><span class="archive-list-count">7</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2018/02/">二月 2018</a><span class="archive-list-count">4</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2018/01/">一月 2018</a><span class="archive-list-count">9</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/12/">十二月 2017</a><span class="archive-list-count">5</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/11/">十一月 2017</a><span class="archive-list-count">3</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/10/">十月 2017</a><span class="archive-list-count">5</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/09/">九月 2017</a><span class="archive-list-count">6</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/08/">八月 2017</a><span class="archive-list-count">11</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/07/">七月 2017</a><span class="archive-list-count">9</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/06/">六月 2017</a><span class="archive-list-count">10</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/05/">五月 2017</a><span class="archive-list-count">15</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/04/">四月 2017</a><span class="archive-list-count">7</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/03/">三月 2017</a><span class="archive-list-count">10</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/02/">二月 2017</a><span class="archive-list-count">41</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/01/">一月 2017</a><span class="archive-list-count">6</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2016/12/">十二月 2016</a><span class="archive-list-count">7</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2016/11/">十一月 2016</a><span class="archive-list-count">9</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2016/10/">十月 2016</a><span class="archive-list-count">5</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2016/09/">九月 2016</a><span class="archive-list-count">7</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2016/08/">八月 2016</a><span class="archive-list-count">9</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2016/07/">七月 2016</a><span class="archive-list-count">14</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2016/06/">六月 2016</a><span class="archive-list-count">9</span></li></ul>
  </div>


  
<div class="archiveslist">
	<p class="asidetitle"><a href="/categories">分类</a></p>
		<ul class="archive-list">
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/CSS炒饭/" title="CSS炒饭">CSS炒饭<sup>3</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/D3小馒头/" title="D3小馒头">D3小馒头<sup>8</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/angular2火锅/" title="angular2火锅">angular2火锅<sup>25</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/angular混搭/" title="angular混搭">angular混搭<sup>33</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/box2djs方糖/" title="box2djs方糖">box2djs方糖<sup>34</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/cyclejs哈根达斯/" title="cyclejs哈根达斯">cyclejs哈根达斯<sup>8</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/jQuery杂烩/" title="jQuery杂烩">jQuery杂烩<sup>3</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/js什锦/" title="js什锦">js什锦<sup>26</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/react沙拉/" title="react沙拉">react沙拉<sup>16</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/three-js奶茶/" title="three.js奶茶">three.js奶茶<sup>5</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/vue八宝粥/" title="vue八宝粥">vue八宝粥<sup>29</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/webpack宾治/" title="webpack宾治">webpack宾治<sup>9</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/web乱炖/" title="web乱炖">web乱炖<sup>2</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/前端满汉全席/" title="前端满汉全席">前端满汉全席<sup>8</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/喵/" title="喵">喵<sup>2</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/小程序双皮奶/" title="小程序双皮奶">小程序双皮奶<sup>27</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/工作这杯茶/" title="工作这杯茶">工作这杯茶<sup>5</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/应用巧克力盒/" title="应用巧克力盒">应用巧克力盒<sup>2</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/思想棉花糖/" title="思想棉花糖">思想棉花糖<sup>8</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/柴米油盐工具集/" title="柴米油盐工具集">柴米油盐工具集<sup>1</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/自动化甜筒/" title="自动化甜筒">自动化甜筒<sup>1</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/categories/非前端钙片/" title="非前端钙片">非前端钙片<sup>7</sup></a>
			</li>
		
		</ul>
</div>


  
<div class="archiveslist">
	<p class="asidetitle">标签</p>
		<ul class="archive-list">
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/tags/分享/" title="分享">分享<sup>44</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/tags/原创部件/" title="原创部件">原创部件<sup>1</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/tags/心态/" title="心态">心态<sup>5</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/tags/教程/" title="教程">教程<sup>73</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/tags/晒猫/" title="晒猫">晒猫<sup>2</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/tags/笔记/" title="笔记">笔记<sup>121</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/tags/算法/" title="算法">算法<sup>9</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/tags/自制插件/" title="自制插件">自制插件<sup>2</sup></a>
			</li>
		
			<li class="archive-list-item">
				<a class="archive-list-link" href="/tags/逻辑实现/" title="逻辑实现">逻辑实现<sup>5</sup></a>
			</li>
		
		</ul>
</div>


    <div class="archiveslist">
    <p class="asidetitle"><a href="/archives">about</a></p>
      <ul class="archive-list">
      	<li class="archive-list-item">
      		<a>wangbeishan@163.com</a>
      		<a href="https://github.com/godbasin">github.com/godbasin</a>
      	</li>
      </ul>
  </div>

  <div class="rsspart">
	<a href="/atom.xml" target="_blank" title="rss">RSS 订阅</a>
</div>

</aside>
</div>
    </div>
    <footer><div id="footer" >
	
	<section class="info">
		<p> 即使梦想再小，却很伟大 ^_^ </p>
	</section>
	 
		<p class="copyright">Powered by <a href="http://hexo.io" target="_blank" title="hexo">hexo</a> and Theme by <a href="https://github.com/A-limon/pacman" target="_blank" title="Pacman">Pacman</a> © 2019 
		
		<a href="https://godbasin.github.io" target="_blank" title="被删">被删</a>
		
		</p>
</div>
</footer>
    <script src="/js/jquery-2.1.0.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){ 
  $('.navbar').click(function(){
    $('header nav').toggleClass('shownav');
  });
  var myWidth = 0;
  function getSize(){
    if( typeof( window.innerWidth ) == 'number' ) {
      myWidth = window.innerWidth;
    } else if( document.documentElement && document.documentElement.clientWidth) {
      myWidth = document.documentElement.clientWidth;
    };
  };
  var m = $('#main'),
      a = $('#asidepart'),
      c = $('.closeaside'),
      o = $('.openaside');
  $(window).resize(function(){
    getSize(); 
    if (myWidth >= 1024) {
      $('header nav').removeClass('shownav');
    }else
    {
      m.removeClass('moveMain');
      a.css('display', 'block').removeClass('fadeOut');
      o.css('display', 'none');
      
      $('#toc.toc-aside').css('display', 'none');
        
    }
  });
  c.click(function(){
    a.addClass('fadeOut').css('display', 'none');
    o.css('display', 'block').addClass('fadeIn');
    m.addClass('moveMain');
  });
  o.click(function(){
    o.css('display', 'none').removeClass('beforeFadeIn');
    a.css('display', 'block').removeClass('fadeOut').addClass('fadeIn');      
    m.removeClass('moveMain');
  });
  $(window).scroll(function(){
    o.css("top",Math.max(80,260-$(this).scrollTop()));
  });
});
</script>

<script type="text/javascript">
$(document).ready(function(){ 
  var ai = $('.article-content>iframe'),
      ae = $('.article-content>embed'),
      t  = $('#toc'),
      h  = $('article h2')
      ah = $('article h2'),
      ta = $('#toc.toc-aside'),
      o  = $('.openaside'),
      c  = $('.closeaside');
  if(ai.length>0){
    ai.wrap('<div class="video-container" />');
  };
  if(ae.length>0){
   ae.wrap('<div class="video-container" />');
  };
  if(ah.length==0){
    t.css('display','none');
  }else{
    c.click(function(){
      ta.css('display', 'block').addClass('fadeIn');
    });
    o.click(function(){
      ta.css('display', 'none');
    });
    $(window).scroll(function(){
      ta.css("top",Math.max(140,320-$(this).scrollTop()));
    });
  };
});
</script>







  </body>
</html>
